[c-nsp] Strict multihoming supported on a Cisco?

Marcel Lammerse lammerse at xs4all.nl
Wed Jul 28 16:52:25 EDT 2004


Hi all,

an incoming ip packet, addressed to a Cisco router, will be forwarded 
to the destination address even if that address is not the ip address 
of the directly connected interface:

spectrum2#sh ip int brief
Interface              IP-Address      OK? Method Status                Protocol
Ethernet0              192.168.2.1     YES NVRAM  up                    up
Serial0                unassigned      YES NVRAM  up                    up
Serial0.1              172.16.1.1      YES NVRAM  up                    up
Serial0.100            212.189.28.2    YES NVRAM  up                    up
Serial1                unassigned      YES NVRAM  administratively down down
spectrum2#

Testmachine has an ip of 192.168.2.2 and has its default gateway 
pointing to 192.168.2.1

[test at testmachine]$ ping 212.189.28.2
PING 212.189.28.2 (212.189.28.2) from 192.168.2.2 : 56(84) bytes of data.
64 bytes from 212.189.28.2: icmp_seq=1 ttl=255 time=6.20 ms
64 bytes from 212.189.28.2: icmp_seq=2 ttl=255 time=2.08 ms
64 bytes from 212.189.28.2: icmp_seq=3 ttl=255 time=2.09 ms

I've heard some security concerns about this. Is there a way of 
enforcing what is known as the Strong End-System Model (RFC1122) or 
strict multihoming behavior on a Cisco router? Or would that break 
routing functionality (and thus would explain why I haven't seen it 
anywhere in the manuals)?

From the RFC:

There are two key requirement issues related to multihoming:

             (A)  A host MAY silently discard an incoming datagram whose
                  destination address does not correspond to the physical
                  interface through which it is received.

             (B)  A host MAY restrict itself to sending (non-source-
                  routed) IP datagrams only through the physical
                  interface that corresponds to the IP source address of
                  the datagrams.


             DISCUSSION:
                  Internet host implementors have used two different
                  conceptual models for multihoming, briefly summarized
                  in the following discussion.  This document takes no
                  stand on which model is preferred; each seems to have a
                  place.  This ambivalence is reflected in the issues (A)
                  and (B) being optional.

                  o    Strong ES Model

                       The Strong ES (End System, i.e., host) model
                       emphasizes the host/gateway (ES/IS) distinction,
                       and would therefore substitute MUST for MAY in
                       issues (A) and (B) above.  It tends to model a
                       multihomed host as a set of logical hosts within
                       the same physical host.

                  o    Weak ES Model

                       This view de-emphasizes the ES/IS distinction, and
                       would therefore substitute MUST NOT for MAY in
                       issues (A) and (B).  This model may be the more
                       natural one for hosts that wiretap gateway routing
                       protocols, and is necessary for hosts that have
                       embedded gateway functionality.

Regards,

Marcel



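An added example, not part of Marcel's post and not taken from Cisco documentation: one way to approximate requirement (A) of RFC 1122 on IOS is an inbound access list per interface that drops packets addressed to the router's addresses on its other interfaces, while still permitting transit traffic and packets for the receiving interface's own address. It assumes exactly the interface addresses shown in the `sh ip int brief` output above and no other addresses on the router (no loopbacks); the access-list numbers 101-103 are arbitrary choices.

```cisco
! Added example, not from the original post. Inbound on Ethernet0:
! drop packets for the router's serial-side addresses, allow the rest.
access-list 101 remark Strong-ES approximation, inbound on Ethernet0
access-list 101 deny   ip any host 172.16.1.1
access-list 101 deny   ip any host 212.189.28.2
access-list 101 permit ip any any
!
! Same idea inbound on Serial0.1: drop packets for the other interfaces'
! addresses.
access-list 102 remark Strong-ES approximation, inbound on Serial0.1
access-list 102 deny   ip any host 192.168.2.1
access-list 102 deny   ip any host 212.189.28.2
access-list 102 permit ip any any
!
! And inbound on Serial0.100.
access-list 103 remark Strong-ES approximation, inbound on Serial0.100
access-list 103 deny   ip any host 192.168.2.1
access-list 103 deny   ip any host 172.16.1.1
access-list 103 permit ip any any
!
interface Ethernet0
 ip access-group 101 in
!
interface Serial0.1
 ip access-group 102 in
!
interface Serial0.100
 ip access-group 103 in
```

With this applied, the ping from the test machine to 212.189.28.2 in the post no longer gets an echo reply; by default the router answers the denied packet with an ICMP administratively-prohibited unreachable unless `no ip unreachables` is configured on the interface, and `show access-list` shows the deny counters climbing. Two caveats a practitioner should keep in mind: this only covers issue (A), not issue (B), since it says nothing about which interface the router uses to source its own traffic; and it deliberately makes the router's other addresses unreachable from each attached subnet, so any address used for management (typically a loopback) has to be permitted explicitly from the subnets that need it, before the deny lines.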